Merge pull request 'bekkalokk/nginx: host .well-known' (!79 ) from move-well-known-to-bekkalokk into main

Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/79 Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
bekkalokk/nginx: host .well-known
2025-04-04 21:21:22 +02:00 · 2024-10-20 01:35:22 +02:00 · 2024-10-20 01:34:41 +02:00 · 2024-10-20 01:30:26 +02:00 · 2024-10-19 23:31:29 +02:00 · 2024-10-19 23:31:28 +02:00
8 changed files with 132 additions and 113 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1728763831,
-        "narHash": "sha256-KOp33tls7jRAhcmu77aVxKpSMou8QgK0BC+Y3sYLuGo=",
+        "lastModified": 1729281548,
+        "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "b6215392ec3bd05e9ebfbb2f7945c414096fce8f",
+        "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125",
        "type": "github"
      },
      "original": {
@ -20,64 +20,25 @@
        "type": "github"
      }
    },
-    "fix-python": {
+    "greg": {
      "inputs": {
-        "flake-utils": "flake-utils",
-        "nixpkgs": [
-          "grzegorz",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1725463969,
-        "narHash": "sha256-d3c1TAlIN1PtK+oQP1wO6XbDfmR4SUp/C/4s7G46ARo=",
-        "owner": "GuillaumeDesforges",
-        "repo": "fix-python",
-        "rev": "2926402234c3f99aa8e4608c51d9ffa73ea403c0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "GuillaumeDesforges",
-        "repo": "fix-python",
-        "type": "github"
-      }
-    },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1689068808,
-        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
-        "type": "github"
-      },
-      "original": {
-        "id": "flake-utils",
-        "type": "indirect"
-      }
-    },
-    "grzegorz": {
-      "inputs": {
-        "fix-python": "fix-python",
        "nixpkgs": [
          "nixpkgs"
-        ]
+        ],
+        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1726861911,
-        "narHash": "sha256-pXPmVp4AgszzJXlLjj8r9NxoDvxoV4USGaiMwqCyb4M=",
-        "ref": "refs/heads/master",
-        "rev": "d10db19d7df5c5c2cd2dcb878376d5d681f6c2f2",
-        "revCount": 94,
+        "lastModified": 1722796402,
+        "narHash": "sha256-Y6PdbTcfzDAZkVTLhTbRJMJCVR3KtCI7QyGqPR141uw=",
+        "ref": "refs/heads/main",
+        "rev": "c1438f248020e4c71673c59501ae87ea4f5bec4f",
+        "revCount": 16,
        "type": "git",
-        "url": "https://git.pvv.ntnu.no/Projects/grzegorz.git"
+        "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git"
      },
      "original": {
        "type": "git",
-        "url": "https://git.pvv.ntnu.no/Projects/grzegorz.git"
+        "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git"
      }
    },
    "grzegorz-clients": {
@ -158,11 +119,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1728843132,
-        "narHash": "sha256-VWIF1sMD6MJZyB+x5z0ZpirQdH8Cqb3avboq1VfSjRg=",
+        "lastModified": 1729307008,
+        "narHash": "sha256-QUvb6epgKi9pCu9CttRQW4y5NqJ+snKr1FZpG/x3Wtc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "414e01b61f0015e49353a6104824b9385a430a5d",
+        "rev": "a9b86fc2290b69375c5542b622088eb6eca2a7c3",
        "type": "github"
      },
      "original": {
@ -190,11 +151,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1728805616,
-        "narHash": "sha256-CfPKX2yaHwTOpGqcul89N12zjRfZ8GOSxG24/Ao9BcQ=",
+        "lastModified": 1729308112,
+        "narHash": "sha256-Ap+cPeiluam2KFZO+OWuFTl/IkIJfyGYGMgkT2pVCRY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "73057677e8557925e999ac54196423fa34418c24",
+        "rev": "61253596816c4cd65e2a0f474cbc0ac0c6e0f7cf",
        "type": "github"
      },
      "original": {
@ -247,7 +208,7 @@
    "root": {
      "inputs": {
        "disko": "disko",
-        "grzegorz": "grzegorz",
+        "greg": "greg",
        "grzegorz-clients": "grzegorz-clients",
        "matrix-next": "matrix-next",
        "minecraft-data": "minecraft-data",
@ -259,6 +220,27 @@
        "sops-nix": "sops-nix"
      }
    },
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "greg",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722651535,
+        "narHash": "sha256-2uRmNwxe3CO5h7PfvqXrRe8OplXaEdwhqOUtaF13rpU=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "56d83ca6f3c557647476f3720426a7615c22b860",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
@ -279,21 +261,6 @@
        "repo": "sops-nix",
        "type": "github"
      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -23,8 +23,8 @@
    nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
    nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs";

-    grzegorz.url = "git+https://git.pvv.ntnu.no/Projects/grzegorz.git";
-    grzegorz.inputs.nixpkgs.follows = "nixpkgs";
+    greg-ng.url = "git+https://git.pvv.ntnu.no/Projects/greg-ng.git";
+    greg-ng.inputs.nixpkgs.follows = "nixpkgs";
    grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Projects/grzegorz-clients.git";
    grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";

@ -116,14 +116,20 @@

      brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
        modules = [
-          inputs.grzegorz.nixosModules.grzegorz-kiosk
          inputs.grzegorz-clients.nixosModules.grzegorz-webui
+          inputs.greg-ng.nixosModules.default
+        ];
+        overlays = [
+          inputs.greg-ng.overlays.default
        ];
      };
      georg = stableNixosConfig "georg" {
        modules = [
-          inputs.grzegorz.nixosModules.grzegorz-kiosk
          inputs.grzegorz-clients.nixosModules.grzegorz-webui
+          inputs.greg-ng.nixosModules.default
+        ];
+        overlays = [
+          inputs.greg-ng.overlays.default
        ];
      };
    };
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@ -16,6 +16,7 @@
    ./services/vaultwarden.nix
    ./services/webmail
    ./services/website
+    ./services/well-known
  ];

  sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
--- a/hosts/bekkalokk/services/website/default.nix
+++ b/hosts/bekkalokk/services/website/default.nix
@ -116,16 +116,6 @@ in {
      "/drift".return = "301 https://wiki.pvv.ntnu.no/wiki/Drift";
      "/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse";
      "/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza";
-
-      # Proxy the matrix well-known files
-      # Host has be set before proxy_pass
-      # The header must be set so nginx on the other side routes it to the right place
-      "^~ /.well-known/matrix/" = {
-        extraConfig = ''
-          proxy_set_header Host matrix.pvv.ntnu.no;
-          proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
-        '';
-      };
    };
  };
 }
--- a/hosts/bekkalokk/services/well-known/default.nix
+++ b/hosts/bekkalokk/services/well-known/default.nix
@ -0,0 +1,18 @@
+{ ... }:
+{
+  services.nginx.virtualHosts."www.pvv.ntnu.no".locations = {
+    "^~ /.well-known/" = {
+      alias = (toString ./root) + "/";
+    };
+
+    # Proxy the matrix well-known files
+    # Host has be set before proxy_pass
+    # The header must be set so nginx on the other side routes it to the right place
+    "^~ /.well-known/matrix/" = {
+      extraConfig = ''
+        proxy_set_header Host matrix.pvv.ntnu.no;
+        proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
+      '';
+    };
+  };
+}
--- a/hosts/bekkalokk/services/well-known/root/autoconfig/mail/config-v1.1.xml
+++ b/hosts/bekkalokk/services/well-known/root/autoconfig/mail/config-v1.1.xml
@ -0,0 +1,31 @@
+<?xml version="1.0"?>
+<clientConfig version="1.1">
+  <emailProvider id="pvv.ntnu.no">
+    <domain>pvv.ntnu.no</domain>
+    <domain>pvv.org</domain>
+
+    <displayName>Programvareverkstedet</displayName>
+
+    <incomingServer type="imap">
+      <hostname>imap.pvv.ntnu.no</hostname>
+      <port>993</port>
+      <socketType>SSL</socketType>
+      <username>%EMAILLOCALPART%</username>
+      <authentication>password-cleartext</authentication>
+    </incomingServer>
+
+    <outgoingServer type="smtp">
+      <hostname>smtp.pvv.ntnu.no</hostname>
+      <port>587</port>
+      <socketType>STARTTLS</socketType>
+      <username>%EMAILLOCALPART%</username>
+      <authentication>password-cleartext</authentication>
+      <useGlobalPreferredServer>true</useGlobalPreferredServer>
+    </outgoingServer>
+
+    <documentation url="https://www.pvv.ntnu.no/pvv/Drift/Mail/IMAP_POP3">
+       <descr lang="en">Setup programvareverkstedet email user with IMAP or POP3</descr>
+       <descr lang="nb">Sett opp programvareverkstedet email bruker med IMAP eller POP3</descr>
+    </documentation>
+  </emailProvider>
+</clientConfig>
--- a/hosts/bekkalokk/services/well-known/root/security.txt
+++ b/hosts/bekkalokk/services/well-known/root/security.txt
@ -0,0 +1,12 @@
+Contact: mailto:drift@pvv.ntnu.no
+Contact: mailto:cert@pvv.ntnu.no
+# drift@pvv.ntnu.no is read by more people and have a quicker reaction time,
+# but cert@pvv.ntnu.no can be used for more severe issues.
+
+Preferred-Languages: no, en
+
+Expires: 2032-12-31T23:59:59.000Z
+# This file was last updated 2024-09-14.
+
+# You can find a wikipage for our security policies at:
+# https://wiki.pvv.ntnu.no/wiki/CERT
--- a/modules/grzegorz.nix
+++ b/modules/grzegorz.nix
@ -1,31 +1,26 @@
 {config, lib, pkgs, ...}:
 let
-  grg = config.services.grzegorz;
+  grg = config.services.greg-ng;
  grgw = config.services.grzegorz-webui;
 in {
-  services.pipewire.enable = true;
-  services.pipewire.alsa.enable = true;
-  services.pipewire.alsa.support32Bit = true;
-  services.pipewire.pulse.enable = true;
-
-  users.users.pvv = {
-    isNormalUser = true;
-    description = "pvv";
+  services.greg-ng = {
+    enable = true;
+    settings.host = "localhost";
+    settings.port = 31337;
+    enableSway = true;
+    enablePipewire = true;
  };

-  services.grzegorz.enable = true;
-  services.grzegorz.listenAddr = "localhost";
-  services.grzegorz.listenPort = 31337;
-
-  services.grzegorz-webui.enable = true;
-  services.grzegorz-webui.listenAddr = "localhost";
-  services.grzegorz-webui.listenPort = 42069;
-  services.grzegorz-webui.listenWebsocketPort = 42042;
-  services.grzegorz-webui.hostName = "${config.networking.fqdn}";
-  services.grzegorz-webui.apiBase = "http://${toString grg.listenAddr}:${toString grg.listenPort}/api";
+  services.grzegorz-webui = {
+    enable = true;
+    listenAddr = "localhost";
+    listenPort = 42069;
+    listenWebsocketPort = 42042;
+    hostName = "${config.networking.fqdn}";
+    apiBase = "http://${grg.settings.host}:${toString grg.settings.port}/api";
+  };

  services.nginx.enable = true;
-
  services.nginx.virtualHosts."${config.networking.fqdn}" = {
    forceSSL = true;
    enableACME = true;
@ -40,20 +35,19 @@ in {
    '';

    locations."/" = {
-      proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenPort}";
+      proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
    };
    # https://github.com/rawpython/remi/issues/216
    locations."/websocket" = {
-      proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenWebsocketPort}";
+      proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
      proxyWebsockets = true;
    };
    locations."/api" = {
-      proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
+      proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
    };
    locations."/docs" = {
-      proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
+      proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
    };
  };
-
 }
Author	SHA1	Message	Date
Oystein Kristoffer Tveit	9e41c3374d	Merge pull request 'bekkalokk/nginx: host `.well-known`' (!79 ) from move-well-known-to-bekkalokk into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/79 Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>	2024-10-20 01:35:22 +02:00
h7x4	f39fee4213	bekkalokk/nginx: host `.well-known`	2024-10-20 01:34:41 +02:00
Oystein Kristoffer Tveit	4c77c9fc67	Merge pull request 'greg-ng 🎉' (!86 ) from greg-ng-working-branch into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/86 Reviewed-by: Felix Albrigtsen <felixalb@pvv.ntnu.no>	2024-10-20 01:30:26 +02:00
h7x4	7938e8135f	flake.lock: bump	2024-10-19 23:31:29 +02:00
h7x4	cbc3490882	modules/grzegorz: use greg-ng	2024-10-19 23:31:28 +02:00